cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IOS 14.0 MAC Address Randomization

Highlighted
Here to help

IOS 14.0 MAC Address Randomization

With the release of Apples IOS 14.0, we are going to have some massive issues with blacklisting clients and ensuring devices stay connected on MAC address authenticated networks. Is there anything that meraki can roll out to help mitigate these issues?

 

 

https://support.apple.com/en-us/HT211227

 

 

Thanks for all you guys do!

5 REPLIES 5
Highlighted
Getting noticed

Re: IOS 14.0 MAC Address Randomization

Hello, here is a another topic:

 

https://community.meraki.com/t5/Wireless-LAN/Impact-of-iOS-14-random-MAC-on-IPSK-and-Meraki-function...

 

 

Good point, I hadn't thought of the blacklisting. We do this in two ways, device and/or email address (if public and on splash page). Normally device isn't easy to change, but email is. Now both are essentially easy to change.

Highlighted
Kind of a big deal

Re: IOS 14.0 MAC Address Randomization

It does make it very hard to build an open public network (such as guest networks) when Apple does things like this.

 

The funny thing is - I think this will erode privacy - not improve it.

 

At the moment, you can often just connect to a public network, and the only information they have on you is a MAC address - which on its own is useless.

Now public networks are going to have to collect personally identifiable information like your name, email address, possible mobile number, and then find some way for you to prove who you are before they can give you access.

Highlighted
Kind of a big deal

Re: IOS 14.0 MAC Address Randomization

@jetaylor This is something that is out of Meraki's control. 

Meraki CMNO, Ruckus WISE, Sonicwall CSSA, Allied Telesis CASE & CAI
Highlighted
Conversationalist

Re: IOS 14.0 MAC Address Randomization

Technically you can block clients using randomization but it needs some smarts on your RADIUS server side of things. Look for the second-least-significant bit of the first octect of the MAC addr to be a 1 (this is a locally adminstered address marker) and deny it if a client matches it, look for the least significant bit to be a 0 as well if you want to specifically target unicast.

 

Your problem if you successfully create the policy is that users would need to know how to turn off the MAC randomization for the SSID(s) in order to be able to connect

Highlighted
Here to help

Re: IOS 14.0 MAC Address Randomization

No i totally agree. But like i said is anything available. Meraki has been a huge help in simplifying our organizations network management, it's only fitting to ask. Maybe something could be on the horizon or some suggestions for Best Practices i might not be aware of. 

Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels